mirror of
				https://github.com/dani-garcia/vaultwarden.git
				synced 2025-10-26 16:00:02 +02:00 
			
		
		
		
	Fix editing members which have access-all rights (#5213)
With web-vault v2024.6.2 and lower, if a user has access-all rights either as an org-member or via a group it shouldn't return individual collections. This probably needs to be changed with newer versions which do not support the `access-all` feature anymore and work with manage. But with the current version this should solve access right issues. Fixes #5212 Signed-off-by: BlackDex <black.dex@gmail.com>
This commit is contained in:
		
				
					committed by
					
						 GitHub
						GitHub
					
				
			
			
				
	
			
			
			
						parent
						
							b0b953f348
						
					
				
				
					commit
					96813b1317
				
			| @@ -462,7 +462,13 @@ impl UserOrganization { | ||||
|             Vec::with_capacity(0) | ||||
|         }; | ||||
|  | ||||
|         let collections: Vec<Value> = if include_collections { | ||||
|         // Check if a user is in a group which has access to all collections | ||||
|         // If that is the case, we should not return individual collections! | ||||
|         let full_access_group = | ||||
|             CONFIG.org_groups_enabled() && Group::is_in_full_access_group(&self.user_uuid, &self.org_uuid, conn).await; | ||||
|  | ||||
|         // If collections are to be included, only include them if the user does not have full access via a group or defined to the user it self | ||||
|         let collections: Vec<Value> = if include_collections && !(full_access_group || self.has_full_access()) { | ||||
|             // Get all collections for the user here already to prevent more queries | ||||
|             let cu: HashMap<String, CollectionUser> = | ||||
|                 CollectionUser::find_by_organization_and_user_uuid(&self.org_uuid, &self.user_uuid, conn) | ||||
|   | ||||
		Reference in New Issue
	
	Block a user